Slide *
Maximizing Company Benefits and Business Intelligence Through
Audit Software
Developed by: Richard B. Lanza, CPA
Slide *
Agenda
Quick overview of CAATs
Audit software's reason for being
Mending the divide between operational and IT auditing
Audit software changing the audit process
Fraud and the CAAT auditor
Continuous monitoring
AuditSoftware.NET community website
Free tools
Slide *
Who am I?
Richard B. Lanza, CPA
Have saved millions of dollars for clients/organizations using CAATs
Wrote the first book on how to practically apply a data extraction/analysis software... and three more
Was an ACL and IDEA trainer
Developed the first community focused around audit software
Currently works as an Internal Audit manager for a Fortune 500
retailer, establishing continuous monitoring systems
Slide *
Quick Overview of CAATs
Slide *
Where Are We In the Audit Software Evolution?
[Figure: adoption curve with segments Enthusiasts, Visionaries, The Gap, Early Majority, Late Majority, Laggards; year labels 1990, 1980, 1998, 2000]
Slide *
Show of Hands
How many people currently use audit software:
At least once a year?
More than five times a year?
On practically every audit?
Slide *
Group Exercise
Why will I (and why will I not) use audit software?
Slide *
Why I Won't Do This...
Every audit I do is different so why build software when I need to frequently change it?
Getting data takes time
I might actually find something wrong
My ERP system does this already
Management doesn't want me to do such services... management should manage themselves
Slide *
What's In It For Me?... Why Do This For Me?
Learn a not-so-new skill
Learn about technology
Have more free time to focus on understanding the business
Have more free time
Slide *
What's In It For Me?... Why Do This For The Company?
Maintain Sarbanes-Oxley compliance
Build automated intelligence
Quick ROI (112% per recent CDC study)
Increase efficiency/quality
Slide *
Audit Software's Reason for Being
Slide *
Popular Audit Software Tools
@Risk
Access (Microsoft)
ACL
DATAS
Easytrieve
Excel (Microsoft)
IDEA
Monarch
SAS
WizRule
Slide *
End-Goal of Business Intelligence Software
The optimal BI solution is deployed across the entire enterprise, equipping hundreds or thousands of employees with analytic information. From line managers to the executive suite it gets widely deployed and used. Users can access real-time data, manipulate it, drill down to find root causes, analyze trends, and provide a check and balance. Workers at every level get the information they need to make the right decisions, at the right time, resulting in a more effective, responsive, and profitable company. (Informatica)
Slide *
A Strong Information & Communication Channel (COSO)
Obtaining external and internal information, and providing management with necessary reports on the entity's performance relative to established objectives
Providing information to the right people in sufficient detail and on time to enable them to carry out their responsibilities efficiently and effectively
Development or revision of information systems based on a strategic plan
Management's support for the development of necessary information systems
Slide *
What's the Difference?
NOTHING!
Slide *
Group Exercise
1. Do you regularly do an information and communication audit?
2. What is preventing you from doing an information and communication audit?
3. Could this be a new audit service?
Slide *
Business Intelligence In Action
Business Intelligence provides:
Increased visibility into the organization
Timely access to specific quantification
CEO asks Bob why sales are down:
Report will take a week to deliver
Bob resorts to qualitative data interviews to determine we must have discounted products which was common recently
If report was delivered, Bob could have noted that the eastern region's major customer had reduced orders after a multitude of complaints were received
With the report, Bob now has a specific problem and solution to report
Slide *
Then What are the Benefits of Using an Audit Software in Conjunction With a BI Tool?
Audit software is:
Independent of the systems being used to generate reports
One tool versus the many BI tools used in a company, lowering training costs
Capable of performing some audit-specific tests
Many tools maintain audit logs for workpapers
Slide *
What Are They Looking For?
Clarity for navigation and opportunity identification
Auditors - Looking for answers to audit questions (Is management reporting accurate sales, are payables complete, etc.) Trust but verify
Fraud Investigators - Looking for fraud (Where is the evidence of fraud, where is the audit trail, etc.)
Management - How can I better manage my business? (have I reported all sales, paid vendors appropriately, etc.)
Slide *
Balanced Scorecard Measures
Executives understand that using financial accounting measures such as ROI and EPS can give misleading signals for continuous improvement and innovation activities today's competitive marketplace demands. The traditional financial measures worked well for the industrial era, but they are out of step with the skills and competencies companies are trying to master today
----Kaplan and Norton, The Balanced Scorecard
Slide *
How Do You Look? Turning data into better actions
1. Learn to ask the right questions
2. Determine the answer using audit software
3. Deliver the answer using the most convenient medium
Slide *
Learn to Ask the Right Questions
Personal experience
Community experience
Case studies
Brainstorm/Risk assess
Hire a consultant
Slide *
Determine the Answer
Standard process reports
Ad hoc reports
Statistical analysis
Relationship analysis (finding answers without asking
questions)
Slide *
Deliver the Answer - Empowering Management
Use the most efficient medium
Get the information in the hands of the end user in the format
they most desire (i.e., PDA, Web page, print out, etc.)
Consider personalized information portals
Design proactive triggers for key actions
Slide *
I'm Confused: Should Management or Auditors Do This?
Auditors should help management design these systems (if they have not done so already)
Auditors should NOT be the report bottleneck - systems should integrate their findings
Auditors should ensure information channels are flowing
accurately, completely, and efficiently.
Auditors should then ensure that report answers are being acted
upon
Slide *
How Is Rich Doing It?
ACL and Access are used as ad-hoc reporting tools
ACL is used for batch applications
Access and Excel are used for end user report delivery
Using the best tools for their requisite strengths
Slide *
Prototype and Bridge
Data Provided by MIS on Server
Data Analyzed in an Ad-Hoc Fashion by ACL/IDEA and Reports Reviewed
Selected Reports Are Developed Using An ACL Batch and Reported in Access/Excel
Slide *
Recent Quotes
"In these days, the most important thing is to help customers extract additional value from investments they've already made. Companies are not looking to rip and replace systems, they're looking to extend them" - Peter Graf, SVP-Marketing at SAP
"There's also plenty of room for apps focused on special business problems that can be implemented quickly and show high ROI" - Peter Gassner, VP - PeopleSoft
Slide *
Mending the Divide Between IT and Operational Auditing
Slide *
Group Exercise
Who completes your audit software work?
-IT Auditor
-Operational Auditor
-IT/Operational Auditor
Slide *
Auditor's Role
Identify opportunities for audit software
Define test/report requirements
Promote benefits to the client
Assist in obtaining/verifying data for processing
Evaluate results of processing
Slide *
Focus More on the I
The printer tycoons began their reign around 1520... and by 1580 or so, the printers, with their focus on technology, had become ordinary craftsmen.
Their place was taken by what we now call publishers, people and firms whose focus was no longer on the T in IT, but on the I. They focused more on the MEANING of information, not its production.
Peter F. Drucker
Slide *
Focus More on the I
"Technology is just part of the solution. It is the combination of both people and technology... that is where the magic happens"
John Mertyl - President, Tomoye
Slide *
Focus More on the I
Internal auditors are in an exceptional position to provide business intelligence to internal customers given their knowledge:
holistically about the business
of accounting and finance
in the areas of risk and what can go wrong
of data management, security, and basic reporting
Rich Lanza
Slide *
IT Team's Role
(This role could be served by the same person)
Responsible for obtaining data
Process all reports
Assist in evaluating results
Maintain and forward documentation
Slide *
Where we are Today
Accounting and Audit Skills
Technology Skill
Slide *
Where We Need to be
Accounting and Audit Skills
Technology Skills
Slide *
Lessons Learned Database
Document work completed for subsequent audits
Summarize results
Have a Knowledge Base Champion
Slide *
Four Cardinal Faults When Using Audit Software
Not getting everyone involved
Not planning ahead to define requirements/get data
Not documenting work for next year
Being afraid to try
CAATs
Slide *
Audit Software Changing the Audit Process
Slide *
The Audit Software Process
Slide *
12 Tools of Audit Software
Sample
Sort
Summarize
Join
Merge
Extract
Age
Stratify
Recalculate
Export
Sequence Duplicates
Sequence Gaps
Slide *
Pointing you in the right direction
Regression - predict balances for comparison to actual
Monte Carlo Analysis - simulate results
Digital Analysis - analyze digit and number patterns for exceptions
Stratifications / Comparisons - assess the relative size of transactions and balances
Slide *
Regression Variable Examples
(Computer Log Analysis) - # of
network lines, # of employees, minutes of network access between
5:00 p.m. and 9:00 a.m., and # of remote access logins
(Unauthorized payments) - # of checks issued, # of vendors paid,
# of vendors paid that have the same address as employees, # of
payments made immediately below the approval limit (e.g., between
900 and 999 for a 1,000 approval limit), and month of year
Slide *
Why Digital Analysis?
Quickly highlights issues (less than 2 hours per audit)
Expands audit coverage
It's proven
It can instantly be applied (no training necessary)
Slide *
What does it do?
Analyzes all types of data
Reconciles data to THE LAW
Looks for Trends
Identifies Duplication Patterns
Round Number Search
Slide *
Continuous Digital Analysis is the Answer
Slide *
The Audit Process Without Audit Software
Working around the system
Planning - Questionnaires, some analyticals, and review prior year workpapers
Internal Control - Complete process memo, select samples and vouch to support
Substantive Procedures - Scan reports, select manual samples, complete manual recalculations, vouch to support, perform physical inspection, inquire and observe with the client
Slide *
Statement On Auditing Standards #80
It may be difficult or impossible for the auditor to access
certain information for inspection, inquiry, or confirmation
without using information technology.
Slide *
The Audit Process With Audit Software
Working through the system
Planning - Stratifications, stronger analyticals, and exception reporting on key indicators (using 100% of the data)
Internal Control - Verify data and applications, identify dirty data, select samples, review exception reports on controls
Substantive Procedures - Research exception reports, perform minimal sampling and use the 12 tools of audit software
Slide *
Practical example - Accounts payable system
Planning activities
Through file import and analysis, you can come up with the "did you know that..." questions that help management identify risks
Insignificant areas can be located and eliminated
Control evaluation and verification
Authorization levels
Check mathematical accuracy and cutoff
Check for duplicate payments
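The accounts payable tests named on this slide, together with the sequence-gap, round-number and just-below-approval-limit checks from the earlier slides, as an added Python example (not part of the original presentation or any audit tool's own code). The records, field names and function names are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample data (not from the presentation): check register extract.
PAYMENTS = [
    {"check_no": 1001, "vendor": "V100", "invoice": "INV-77", "amount": Decimal("950.00")},
    {"check_no": 1002, "vendor": "V200", "invoice": "INV-12", "amount": Decimal("4200.00")},
    {"check_no": 1003, "vendor": "V100", "invoice": "inv-77 ", "amount": Decimal("950.00")},
    {"check_no": 1005, "vendor": "V300", "invoice": "INV-31", "amount": Decimal("999.00")},
    {"check_no": 1006, "vendor": "V300", "invoice": "INV-32", "amount": Decimal("5000.00")},
    {"check_no": 1007, "vendor": "V400", "invoice": "INV-90", "amount": Decimal("318.45")},
]
# Constructed vendor master and employee master address fields.
VENDOR_ADDRESS = {"V100": "12 Elm St.", "V200": "9 Dock Rd",
                  "V300": "40 Main Street", "V400": "7 Oak Ave"}
EMPLOYEE_ADDRESS = {"E1": "40 main  street", "E2": "3 Pine Ct"}


def duplicate_payments(payments):
    """Group on vendor + normalized invoice number + amount; report keys paid more than once."""
    groups = defaultdict(list)
    for p in payments:
        key = (p["vendor"], p["invoice"].strip().upper(), p["amount"])
        groups[key].append(p["check_no"])
    return {k: v for k, v in groups.items() if len(v) > 1}


def sequence_gaps(payments):
    """Check numbers missing from the issued sequence."""
    nums = sorted(p["check_no"] for p in payments)
    return [n for a, b in zip(nums, nums[1:]) for n in range(a + 1, b)]


def just_below_limit(payments, limit=Decimal("1000"), floor=Decimal("900")):
    """Payments in the band immediately under the approval limit (900-999 for a 1,000 limit)."""
    return [p["check_no"] for p in payments if floor <= p["amount"] < limit]


def round_amounts(payments, unit=Decimal("1000")):
    """Round number search: amounts that are exact multiples of `unit`."""
    return [p["check_no"] for p in payments if p["amount"] > 0 and p["amount"] % unit == 0]


def _norm(address):
    # Case, punctuation and spacing differ between master files; compare a normalized form.
    return " ".join(address.lower().replace(".", "").replace(",", "").split())


def vendors_at_employee_address(vendors, employees):
    """Vendors whose address matches an employee address after normalization."""
    by_addr = defaultdict(list)
    for emp_id, addr in employees.items():
        by_addr[_norm(addr)].append(emp_id)
    return {v: by_addr[_norm(a)] for v, a in vendors.items() if _norm(a) in by_addr}


if __name__ == "__main__":
    print("duplicate payments:", duplicate_payments(PAYMENTS))
    print("check sequence gaps:", sequence_gaps(PAYMENTS))
    print("just below approval limit:", just_below_limit(PAYMENTS))
    print("round amounts:", round_amounts(PAYMENTS))
    print("vendor/employee address match:",
          vendors_at_employee_address(VENDOR_ADDRESS, EMPLOYEE_ADDRESS))
```

Each function returns an exception list for follow-up rather than a conclusion; a hit is a transaction to research, not a finding.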
Slide *
Increase Efficiency/Quality
Checking the mathematical accuracy of schedules
Stratifying information for scope testing
Exception reporting can complete 100% testing in less time
Samples (when needed) can be selected in less time
Slide *
Group Exercise
Where can I use audit software for improved
efficiency/quality?
Slide *
Improve Service / Add Value / Provide New Perspectives
Provide clients with better business advice
Provide better information to run their business
Reduce the audit burden by directly accessing data and generating desired reports
Slide *
Group Exercise
Where can I use audit software for adding value and giving new
perspectives?
Slide *
Getting Down and Dirty
1) Plan the attack
Identify key risk area
Develop process flow diagram and memo
Develop data flow diagram and memo
Assess integration issues and control gaps
2) Run the audit tests
Slide *
Fraud and the CAAT Auditor
Slide *
Document Purpose
The purpose of this document is to assist auditors, fraud examiners, and management in implementing data analysis routines for improved fraud prevention and detection. To that end, the document provides:
General guidance in the implementation of audit software.
A comprehensive checklist of data analysis reports that are associated with each occupational fraud category per the Association of Certified Fraud Examiners classification system.
A report description and data file(s) needed to effectuate each identified report.
Slide *
Need for the Document
The need for this document arises from the fact that there are many publications that discuss auditing for fraud using a computer but there was no comprehensive resource for the types of audit reports that needed to be run for each individual fraud type... until now.
It is hoped that through the dissemination of this new
information that more consideration and analysis will be done using
audit software to prevent and proactively detect organizational
fraud.
Slide *
Fraud Categories Aligned to Reports
Conflicts of Interest
Bribery / Illegal Gratuities / Extortion
Fictitious Revenues / Timing Differences
Understated Liabilities and Expenses
Overstated Assets/Valuation
Improper Disclosures
Non-Financial Fraudulent Statements
Cash Larceny
Skimming
Inventory Misuse / Larceny
Billing Schemes
Payroll Schemes
Expenses Reimbursement Schemes
Check Tampering
Register Disbursements
Slide *
Continuous Monitoring
Slide *
AICPA/CICA Report
Continuous Auditing is an assurance engagement resulting in an independent auditor's report, issued at short intervals or on an immediate basis, that includes:
an opinion on a written assertion by management that evaluates, using suitable criteria, subject matter for which management is responsible; or
an opinion that provides a direct evaluation, using suitable criteria, of subject matter for which management is responsible
Slide *
Continuous Auditing
Continuous monitoring provides an additional control layer:
comparing data across multiple sources
independent of system being audited
able to process large volumes of data
prompt notification of issues
Slide *
Not So Fast!!!... We Need to Walk Before We Run
Real time financial reporting will help solve stock price volatility - Forbes
XBRL provides a common platform for critical business reporting processes and improves the reliability and ease of communicating financial data among users internal and external to the reporting enterprise. - XBRL.ORG
Slide *
Continuous Monitoring - Issues and Solutions
Issue
Many of these systems would be too costly to develop to effectively monitor all major systems... and would then require a team of auditors to review the report information.
Solutions
Focus on risk prone areas first, show the economic value of monitoring reports, and organically grow systems, using a common architecture, throughout the organization. Having the CFO/CEO as the main customers of this business intelligence will help to sell it throughout the organization. Most cost is driven by system customizations (i.e., ERP customizations) which should be reduced as much as possible.
Slide *
Continuous Monitoring - Issues and Solutions
Issue
Instant reporting could be inaccurate and, if not reviewed before submitting, could lead to devastating impacts in the business/economy
Solutions
This is not a current concern as the continuous auditing routines could be internal, can be reviewed, and have the Audit Committee as the main final reporting customer.
Slide *
Continuously Monitor/Build Automated Intelligence
Select top exception reports
Identify key analyticals
Build automated routines to execute on a timed schedule
Iterate the reports based on findings over time
Slide *
Considering Production-Grade System Reports
Full-service toolset (i.e., Cognos) implemented by MIS
Real-time updates
Centralized data mart for past versions
Professional-grade data import tools
Automatic notification (Email, Pager)
Personalized Web dashboard
Audit trails of all processing/reviews
Unified security
Slide *
The Process
Use a Software Lifecycle Approach
Business case
Actors and use cases
Process flow
Page design flow
Data flow diagram
Slide *
Group Question
Can auditors develop a continuous monitoring system and pass it
to management?
What are the risks inherent in doing this?
Do they ever need to pass it on?... could it be an independent control layer?
Slide *
Transition Summary
Identify audit areas susceptible to the application of continuous auditing
Start small... by focusing on the real shocker
Get the data
Get a beta version of the software
Run the tests, shock management, and cement the need for improved analysis/intelligence
Inventory skill set of audit team and develop additional training plan
Prepare preliminary budget for implementation plan
Obtain any remaining senior management buy-in
Begin analysis/intelligence in the next shocker area
Slide *
Audit Software Capability Summary
Provides Transactional Integrity (transactions are authorized, exist, accurate, complete, etc.)
Assists in Complying with Sarbanes Oxley
Efficiently Validates SarbOx Control Activities
Key reports can provide control monitoring for gap areas
Interactive Business Analysis for Improved Organizational Transparency
Lightweight / Non-intrusive / Flexible
Auditors Are in the Best Position to Provide Company Analysis Given Their Financial and Risk Competencies
Quick ROI
Supports Information and Communication Audits in Line with
COSO
Independently Performs Data Integrity Reviews
Improves the Efficiency and Quality of Audits
Slide *
Your audience
List of apps to combat fraud
Tools to help get data
Bring my website
Bring magic tricks
Quick overview of CAATs
History - credibility
How many use it
How many are hands on
Why not - How do we get around that
30 minutes
What is the end goal of doing all of this reporting?
Turning data into actionable decisions
-Thinking up the question
-Determine the answer
-Delivering of the answer
Meeting the information & communication channel of COSO
The optimal BI solution is deployed across the entire enterprise, equipping hundreds or thousands of employees with analytic information. From line managers to the executive suite it gets widely deployed and used. Users can access real-time data, manipulate it, drill down to find root causes, analyze trends, and provide a check and balance. Workers at every level get the information they need to make the right decisions, at the right time, resulting in a more effective, responsive, and profitable company. (Informatica)
How do we get to actions
-Need to learn the right questions through past experience in business and with the data
--experience can be gained through communities
--review all the areas
--customer success stories
--get some consulting... some of it is a "good" thing
Determine the answer - Run reports
-Ad hoc reports
-standard reports
-relationship tools integrated across platforms, functions, and years
-statistical analysis
-Having the answer present itself through relationships
Deliver the answer - Distribute through various easy-to-use channels
-Proactive reporting/triggers
-Need to get data out of mainframes and into the hands of actionable users
-personalized web dashboards (information delivery)
-Mobile PDA information
Continuous Monitoring does not have to be and should not be an AUDIT thing... it doesn't need the bad tinge that audit gives it
-fraud reports could be run at the local level with a secondary audit review
-WE NEED AS AUDITORS TO NOT SO MUCH RUN THE REPORTS IN A GOTCHA MODE BUT RATHER PROVIDE THEM IN AN ASSISTANCE ROLE (AND PLAY GOTCHA IF THEY DON'T USE THEM)
-Good reports do not need to be AUDIT reports
IDC reports that BI provides a 112% ROI
Mend the divide between IT and financial/operational
-IT needs help
--too much on their plate
--many have no concept of business
Who are the actors
-Auditors - Looking for answers to audit questions - is management reporting accurate sales, payables complete, etc.
-Fraud Investigators - where is the evidence of fraud, where is the audit trail, etc.
-Management - Same questions but from the perspective of doing it right (have I reported all sales, paid vendors appropriately, etc.)
--Finance
--Sales
--Distribution
--etc.
Have a picture of the small group of auditors automating their
world but missing the larger world.
-examples of great ideas where the manual auditors need to sit with the technology guys
-talk about the types of commands
-give them a brainstorming tool
45 minutes
Community & Break
What is available at the site
How do we get around this?
20 minutes
Why they are great
Understand the types of audit reports
Do case studies
60 minutes
Types of fraud
How to fight fraud with CAATs
20 minutes
Have jpeg of access/idea/acl/excel with thinking above it
Mine with sections of the data mine in a picture
Transactional processors have not been good at data auditing
Use acl/idea to prove value...to test the system
The thinking is the hardest part
-any programmer can do this... you need to know exactly what you want which is specific to each company
--categorize data
--understand further
Yet I see us falling back in the time frame as many audit shops had a spike in effort but never sustained it
It is an iterative process that improves over time
Moves your audit shop more towards auditing on a continuous basis
Both quality and efficiency increase
Your audit programs should have these tests peppered throughout
This is where it is at! Doing your audit work more efficiently really doesn't matter much